* Required knowledge

** Terminology

- Hostname :: A /hostname/ is the first part from the left of a FQDN (fully qualified domain name). For example of the FQDN ~savannah.gnu.org~ the hostname would be ~savannah~.
- TLD :: TLD stands for top-level domain.
- Domain :: The part of a URL immediately before the TLD.
- Subdomain :: Any part (except for protocol, like ~https://~ and similar) before the domain.

* Jitsi Meet setup steps

(following the guide at [[https://www.scaleway.com/en/docs/setting-up-jitsi-meet-videoconferencing-on-debian-buster/]])

1. Run the following commands to configure your hostname, corresponding to your subdomain and domain:

   #+begin_src shell
   hostnamectl set-hostname jitsi
   sed --in-place='backup' 's/^127.0.1.1.*$/127.0.1.1 <SUBDOMAIN>.<DOMAIN>.<TLD> <ALTERNATE-NAME>/g' /etc/hosts
   sed --in-place='backup' 's/^127.0.0.1.*$/127.0.0.1 localhost <SUBDOMAIN>.<DOMAIN>.<TLD> <ALTERNATE-NAME>/g' /etc/hosts
   #+end_src

   - For ~<ALTERNATE-NAME>~ we are choosing ~jitsi~.

   - This code does the following:

     1. set the system's hostname to ~jitsi~ in ~/etc/hostname~
     2. uses ~sed~ to replace all occurrences of, which ~127.0.1.1~ followed by an arbitrary string, with ~127.0.1.1 <SUBDOMAIN>.<DOMAIN>.<TLD> <ALTERNATE-NAME>~ /in place/ (~--in-place~), meaning that the file is changed directly, instead of outputting to stdout, and creating backups with the suffix ~backup~ (~--in-place='backup'~).
     3. uses ~sed~ to replace all occurrences of, which ~127.0.0.1~ followed by an arbitrary string, with ~127.0.0.1 localhost <SUBDOMAIN>.<DOMAIN>.<TLD> <ALTERNATE-NAME>~ /in place/ (~--in-place~), meaning that the file is changed directly, instead of outputting to stdout, and creating backups with the suffix ~backup~ (~--in-place='backup'~).

2. Update and upgrade system packges:

   #+begin_src shell
   apt update && apt upgrade
   #+end_src

3. Install required system packages:

   #+begin_src shell
   apt-get install lsb-release
   #+end_src

4. Install NGINX:

   #+begin_src shell
   apt-get install --yes nginx
   systemctl start nginx.service
   systemctl enable nginx.service
   #+end_src

5. Add apt key of Jitsi:

   #+begin_src shell
   wget --quiet --output-document - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
   #+end_src

6. Add Jitsi repository to sources:

   #+begin_src shell
   sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
   #+end_src

7. Update repositories:

   #+begin_src shell
   apt-get update
   #+end_src

8. Install Jitsi Meet:

   #+begin_src shell
   apt-get install --yes jitsi-meet
   #+end_src

   1. Enter FQDN: ~<SUBDOMAIN>.<DOMAIN>.<TLD>~

   2. Choose self-signed certificate

9. Run letsencrypt script:

   #+begin_src shell
   bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
   #+end_src

10. Enter a valid e-mail address.

11. If the script finishes without errors, you should be able to visit your Jitsi Meet instance at ~<SUBDOMAIN>.<DOMAIN>.<TLD>~.

** Port forwarding

Run the following ~ufw~ commands:

#+begin_src shell
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 10000/udp
sudo ufw allow 22/tcp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
sudo ufw enable
#+end_src

** User management

- Apparently user management is done via a tool named "prosody":

  #+begin_quote
  Prosody is a modern XMPP communication server. It aims to be easy to set up and configure, and efficient with system resources. Additionally, for developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols.
  #+end_quote

  ([[https://wiki.archlinux.org/index.php/Prosody]])

- Prosody is written in Lua and can apparently be configured and extended by editing Lua scripts and adding Lua scripts in specific directories, which Prosody knows about.

*** User creation

- Initially user creation will not work:

  #+begin_src shell
  prosodyctl register <USERNAME> <SUBDOMAIN>.<DOMAIN>.<TLD> '<SECRET>'
  #+end_src

  Will result in:

  #+begin_src quote
  Error: Account creation/modification not supported.
  #+end_src

  Without any explanation, why this might be the case.

- To fix the problem with user creation, apparently one has to change the authentication method for users on the Jitsi Meet instance inside a configuration file:

  - config file: ~/etc/prosody/conf.avail/<FQDN>.cfg.lua~

  - change it to be:

    #+begin_src lua
    VirtualHost "<SUBDOMAIN>.<DOMAIN>.<TLD>"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_hashed"
    #+end_src

- Add the following line to ~/etc/jitsi/jicofo/sip-communicator.properties~:

  #+begin_src lua
  org.jitsi.jicofo.auth.URL=XMPP:<SUBDOMAIN>.<DOMAIN>.<TLD>
  #+end_src

- Then register the user as tried before:

  #+begin_src shell
  prosodyctl register <USERNAME> <SUBDOMAIN>.<DOMAIN>.<TLD> '<SECRET>'
  #+end_src

- Restart Jitsi stuff:

  #+begin_src shell
  systemctl restart prosody
  systemctl restart jicofo
  systemctl restart jitsi-videobridge2
  #+end_src

*** enable guests to login anonymously

Change ~/etc/prosody/conf.avail/<SUBDOMAIN>.<DOMAIN>.<TLD>.cfg.lua~ to:

  #+begin_src lua
  VirtualHost "guest.<SUBDOMAIN>.<DOMAIN>.<TLD>"
      authentication = "anonymous"
      modules_enabled = {
         "turncredentials";
      }
      c2s_require_encryption = false
  #+end_src

  Note, that you do not need to create a DNS record for the guest subdomain. The user guide says the following:

  #+begin_quote
  Note that guest.jitsi-meet.example.com is internal to Jitsi, and you do not need to (and should not) create a DNS record for it, or generate an SSL/TLS certificate, or do any web server configuration.
  #+end_quote

  ([[https://jitsi.github.io/handbook/docs/devops-guide/secure-domain]])

  Also change the config at ~/etc/jitsi/meet/<SUBDOMAIN>.<DOMAIN>.<TLD>-config.js~ to:

  #+begin_src lua
  var config = {
     hosts: {
        domain: '<SUBDOMAIN>.<DOMAIN>.<TLD>',
        anonymousdomain: 'guest.<SUBDOMAIN>.<DOMAIN>.<TLD>',
        ...
     },
     ...
  }
  #+end_src

*** List all users

#+begin_src shell
ls -l /var/lib/prosody/*/accounts/*
#+end_src

** Configuration files

- ~/etc/prosody/conf.avail/[your-hostname].cfg.lua~
- ~/etc/jitsi/meet/[your-hostname]-config.js~
- ~/etc/jitsi/jicofo/sip-communicator.properties~

* To do [0/4]

- [ ] What does Jigasi do?
- [ ] What exactly is SIP and how does it relate to XMPP and Gajim?
- [ ] Is it possible to connect to my Jitsi-Meet instance using Gajim?
- [ ] Do we need to up any limits?

      #+begin_src shell
      # /etc/systemd/system.conf
      DefaultLimitNOFILE=65000
      DefaultLimitNPROC=65000
      DefaultTasksMax=65000
      #+end_src
